Unpingable
-
- Member
- Posts: 32
- Joined: 22 May 2009 03:52
- Location: Germany
Unpingable
Hello together,
I need some help. I'm start to configure my router. I want to configure nat and d-nat. Now I have the problem. I can't ping some internal devices. I go crazy.
Her at first my config:
!Current Configuration:
!
! NVRAM config last updated at 22:14:20 UTC Thu Mar 10 2011 by superadmin
! Statlog Configuration
!
logging on
logging buffered priority 7
logging buffered size 128
logging console 3
logging system 5
service timestamps log
logging rate-limit 1 10 tag SWE subtag DOS
logging rate-limit 1 10 tag PVSTD subtag PKT
logging rate-limit 1 10 tag SWE subtag SESSION
ip domain-name fritz.boxX
!
!
!
!VRF Configuration
!
! MULTICAST Configuration
!NOE port reservation
ip name-server 192.168.178.1
! PVST Global configuration
!
http enable
https enable
ssh enable
telnet enable
!
!
! Clock Timezone
!
!
! Clock synchronization
!
clock synchronize using ntp server 192.168.178.1 every 720 minutes
!
! CWMP Configuration
!
!
! CWMP Configuration (End)
!
!
! CWMP interface configuration
!
!
! CWMP interface configuration (End)
!
!
! SNMP Configurations
!
!
aaa services
!
username recovery password 5 947fc777de30eacc2db9649298218998
username superadmin password 5 b36eb6a54154f7301f004e1e61c87ce8
enable password switch
!
!
!
!
!
interface FastEthernet0
description extern
ip address 192.168.178.25/24
no shutdown
top
!
interface Vlan1
ip address 192.168.0.1/24
no shutdown
top
!
interface switchport0
no shutdown
top
!
interface switchport1
no shutdown
top
!
interface switchport2
no shutdown
top
!
interface switchport3
no shutdown
top
!
interface atm0
shutdown
top
!
!
match-list intnet
1 ip prefix 192.168.0.0/24 any
!
!
! Filter Policy configuration
!
!
!
! NAT Policy configuration
!
ip nat nat_list1
10 match any intnet source-nat
top
!
interface FastEthernet0
ip nat out nat_list1
top
!
!
!
! Dos attack configuration
!
!
!
! System doesn't have IDS License
! IDS configuration may not be effective
!
!Snort configuration
firewall
intrusion snort
top
!
!
! Firewall configuration
!
!
! Warning: Valid IPSEC license not found!
! IPSEC configurations may not be effective!
!
! No Algorithm Defined
! IPSEC Policy configuration
!
! No client object Defined
! No client profile Defined!
!
!QoS Configuration
!
!
!
!DDNS configurations
!
!
!
top
top
!
!Customized-Services
!
!
!
!
!
!
!
top
!
!
!
!
! DHCP Server Configuration
!
service dhcp enable
!
!ip dhcp global options
ip dhcp option routers 192.168.0.1
ip dhcp option dns-server 192.168.178.1 primary
!
ip dhcp pool p1
network 192.168.0.0 255.255.255.0
range 192.168.0.30 192.168.0.40
!
top
!
!
!
! DHCP CLIENT Configuration
!
!
ip dhcp client external
top
!
interface FastEthernet0
dhcp client external
top
!
!
!
top
top
!
!
!OAM Configuration
!
oam
top
!
!
!
!NHRP configurations
!
top
!
!
! DHCP Relay configuration
!
!
end
So I connect my laptop and a webcam on the vlan1 (switchpotz 0 and 1). My laptop ping the router and the webcam. Both works. So I test it on the router. From here I can ping my laptop, but not my webcam. (Laptop: 192.168.0.229; Webcam:192.168.0.253) So I change the webcam. In my desk I find an accesspoint. I connect it to the router with the ip address 192.168.0.50. And I have the same problem. My laptop can ping this device. But not my router. I did not know why.
Please help me.
Thanks
Christian
P.S.: I know. My english is not really go.
I need some help. I'm start to configure my router. I want to configure nat and d-nat. Now I have the problem. I can't ping some internal devices. I go crazy.
Her at first my config:
!Current Configuration:
!
! NVRAM config last updated at 22:14:20 UTC Thu Mar 10 2011 by superadmin
! Statlog Configuration
!
logging on
logging buffered priority 7
logging buffered size 128
logging console 3
logging system 5
service timestamps log
logging rate-limit 1 10 tag SWE subtag DOS
logging rate-limit 1 10 tag PVSTD subtag PKT
logging rate-limit 1 10 tag SWE subtag SESSION
ip domain-name fritz.boxX
!
!
!
!VRF Configuration
!
! MULTICAST Configuration
!NOE port reservation
ip name-server 192.168.178.1
! PVST Global configuration
!
http enable
https enable
ssh enable
telnet enable
!
!
! Clock Timezone
!
!
! Clock synchronization
!
clock synchronize using ntp server 192.168.178.1 every 720 minutes
!
! CWMP Configuration
!
!
! CWMP Configuration (End)
!
!
! CWMP interface configuration
!
!
! CWMP interface configuration (End)
!
!
! SNMP Configurations
!
!
aaa services
!
username recovery password 5 947fc777de30eacc2db9649298218998
username superadmin password 5 b36eb6a54154f7301f004e1e61c87ce8
enable password switch
!
!
!
!
!
interface FastEthernet0
description extern
ip address 192.168.178.25/24
no shutdown
top
!
interface Vlan1
ip address 192.168.0.1/24
no shutdown
top
!
interface switchport0
no shutdown
top
!
interface switchport1
no shutdown
top
!
interface switchport2
no shutdown
top
!
interface switchport3
no shutdown
top
!
interface atm0
shutdown
top
!
!
match-list intnet
1 ip prefix 192.168.0.0/24 any
!
!
! Filter Policy configuration
!
!
!
! NAT Policy configuration
!
ip nat nat_list1
10 match any intnet source-nat
top
!
interface FastEthernet0
ip nat out nat_list1
top
!
!
!
! Dos attack configuration
!
!
!
! System doesn't have IDS License
! IDS configuration may not be effective
!
!Snort configuration
firewall
intrusion snort
top
!
!
! Firewall configuration
!
!
! Warning: Valid IPSEC license not found!
! IPSEC configurations may not be effective!
!
! No Algorithm Defined
! IPSEC Policy configuration
!
! No client object Defined
! No client profile Defined!
!
!QoS Configuration
!
!
!
!DDNS configurations
!
!
!
top
top
!
!Customized-Services
!
!
!
!
!
!
!
top
!
!
!
!
! DHCP Server Configuration
!
service dhcp enable
!
!ip dhcp global options
ip dhcp option routers 192.168.0.1
ip dhcp option dns-server 192.168.178.1 primary
!
ip dhcp pool p1
network 192.168.0.0 255.255.255.0
range 192.168.0.30 192.168.0.40
!
top
!
!
!
! DHCP CLIENT Configuration
!
!
ip dhcp client external
top
!
interface FastEthernet0
dhcp client external
top
!
!
!
top
top
!
!
!OAM Configuration
!
oam
top
!
!
!
!NHRP configurations
!
top
!
!
! DHCP Relay configuration
!
!
end
So I connect my laptop and a webcam on the vlan1 (switchpotz 0 and 1). My laptop ping the router and the webcam. Both works. So I test it on the router. From here I can ping my laptop, but not my webcam. (Laptop: 192.168.0.229; Webcam:192.168.0.253) So I change the webcam. In my desk I find an accesspoint. I connect it to the router with the ip address 192.168.0.50. And I have the same problem. My laptop can ping this device. But not my router. I did not know why.
Please help me.
Thanks
Christian
P.S.: I know. My english is not really go.
Christian
I need an english upgrade
I need an english upgrade
Re: Unpingable
hi, I think the issue may be that the vlan 1 is not configured on the switchports. see an example below for a starting point
interface Vlan1
description LAN
ip address 192.168.0.1/24
no shutdown
top
!
!!!!!!!!!!!!!!!!!!!!!!!!!set the vlan on a switch port (0 in this case)
interface switchport0
switchport access vlan 1
no shutdown
top
interface Vlan1
description LAN
ip address 192.168.0.1/24
no shutdown
top
!
!!!!!!!!!!!!!!!!!!!!!!!!!set the vlan on a switch port (0 in this case)
interface switchport0
switchport access vlan 1
no shutdown
top
Best Regards
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
-
- Member
- Posts: 32
- Joined: 22 May 2009 03:52
- Location: Germany
Re: Unpingable
Okay. I check this. Thanks.
But is vlan1 not the default vlan on the switch interfaces?
Christian
But is vlan1 not the default vlan on the switch interfaces?
Christian
Christian
I need an english upgrade
I need an english upgrade
Re: Unpingable
not sure about that but I have never configured the ports as default vlan. I have always set up a seperate VLAN in my testing. I always assumed that I needed to assign the switchports to a VLAN. Now we all know what happens when we asume dont we so I may be wrong about it.
Let us know how you get on.
Let us know how you get on.
Best Regards
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
-
- Member
- Posts: 32
- Joined: 22 May 2009 03:52
- Location: Germany
Re: Unpingable
It does not work.
ALU(config-if switchport0)#switchport access vlan
** SWITCHPORT COMMANDS **
<2-4094> Set VLAN ID
ALU(config-if switchport0)#switchport access vlan
** SWITCHPORT COMMANDS **
<2-4094> Set VLAN ID
Christian
I need an english upgrade
I need an english upgrade
Re: Unpingable
sorry, just tested it and you are correct. vlan 1 is default vlan for switch ports. good to know as I have never set any of the ports on mine to vlan 1. I'll look closer and see if I can see another reason.
Best Regards
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Re: Unpingable
okay, stupid question but for the webcam and AP you do have the default gateway set as 192.168.0.1 I guess. if so try without any polices attached to the inerfaces. are you pinging from the console or web interface of the 5510?
Best Regards
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
-
- Member
- Posts: 32
- Joined: 22 May 2009 03:52
- Location: Germany
Re: Unpingable
Yes I have set the default gateway. I tested the ping from console and web interface.
So I test it also without the nat policy, but nothing change.
Ping from the PC:
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Ping from the router:
ALU(config-firewall)# ping 192.168.0.50
Press ^C to Stop..
Sending 5,56-byte ICMP Echos to 192.168.0.50,timeout is 2 seconds
.....
Destination Unreachable
Success rate is 0 percent (0/5)
The PC and the access point are at vlan 1 (Switchport 1 an d 2).
So I test it also without the nat policy, but nothing change.
Ping from the PC:
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Ping from the router:
ALU(config-firewall)# ping 192.168.0.50
Press ^C to Stop..
Sending 5,56-byte ICMP Echos to 192.168.0.50,timeout is 2 seconds
.....
Destination Unreachable
Success rate is 0 percent (0/5)
The PC and the access point are at vlan 1 (Switchport 1 an d 2).
Christian
I need an english upgrade
I need an english upgrade
Re: Unpingable
weird, I'll try to get a chance to set up your config in mr 5510 and see what I get tomorrow.
Best Regards
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
Murray
ACSE 10.0 corporate
ACSE 6.x IPT data
-
- Member
- Posts: 32
- Joined: 22 May 2009 03:52
- Location: Germany
Re: Unpingable
I don't know why, but I fixed it. I changed from vlan 1 to vlan 2 and now I can ping every device.
I used the firewall wizard. Now I want to configure dyndns for my router. Must I add some rules for resolve dns? In the past on my cisco router I must add lines like this for the incoming traffic on the outside interface:
access-list 108 remark /---Dyndns-------------------------------/
access-list 108 permit tcp 63.208.196.0 0.0.0.255 eq www any
access-list 108 permit udp any eq domain any
I used the firewall wizard. Now I want to configure dyndns for my router. Must I add some rules for resolve dns? In the past on my cisco router I must add lines like this for the incoming traffic on the outside interface:
access-list 108 remark /---Dyndns-------------------------------/
access-list 108 permit tcp 63.208.196.0 0.0.0.255 eq www any
access-list 108 permit udp any eq domain any
Christian
I need an english upgrade
I need an english upgrade